coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit0a73f84

authored

fix: merge cherry-picked items for v2.26.0 (#19678)

Co-authored-by: Cian Johnston <cian@coder.com>Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>Co-authored-by: Hugo Dutka <hugo@coder.com>Co-authored-by: Kacper Sawicki <kacper@coder.com>Co-authored-by: Atif Ali <atif@coder.com>Co-authored-by: Danielle Maywood <danielle@themaywoods.com>Co-authored-by: Susana Ferreira <susana@coder.com>Co-authored-by: Brett Kolodny <brettkolodny@gmail.com>Co-authored-by: Dean Sheather <dean@deansheather.com>Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>

1 parent8083d9d commit0a73f84Copy full SHA for 0a73f84

File tree

51 files changed

+2407

-271

lines changed

.github
- dependabot.yaml
cli
- server.go
coderd
- aitasks.go
- apikey.go
- apikey_test.go
- coderd.go
- coderdtest
  - coderdtest.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbgen
    - dbgen.go
  - dbmetrics
    - querymetrics.go
  - dbmock
    - dbmock.go
  - dbpurge
    - dbpurge.go
    - dbpurge_test.go
  - dump.sql
  - migrations
  - models.go
  - querier.go
  - querier_test.go
  - queries.sql.go
  - queries
  - unique_constraint.go
- prometheusmetrics
  - prometheusmetrics.go
  - prometheusmetrics_test.go
- provisionerdserver
- taskname
  - taskname.go
docs
- admin
  - integrations
    - prometheus.md
  - templates
    - extending-templates
      - prebuilt-workspaces.md
    - index.md
    - managing-templates
      - external-workspaces.md
- images/admin/templates
  - external-workspace.png
- manifest.json
enterprise/coderd
- coderd.go
- coderdenttest
  - coderdenttest.go
- license
- provisionerdaemons.go
- workspaces_test.go
go.mod
go.sum
scripts/metricsdocgen
- metrics
site/src/components/RadioGroup
- RadioGroup.tsx

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

51 files changed

+2407

-271

lines changed

`‎.github/dependabot.yaml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ updates:`
`33`	`33`	`-dependency-name:"*"`
`34`	`34`	`update-types:`
`35`	`35`	`-version-update:semver-patch`
	`36`	`+ -dependency-name:"github.com/mark3labs/mcp-go"`
`36`	`37`
`37`	`38`	`# Update our Dockerfile.`
`38`	`39`	`-package-ecosystem:"docker"`

`‎cli/server.go‎`

Lines changed: 12 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -62,12 +62,6 @@ import (`
`62`	`62`	`"github.com/coder/serpent"`
`63`	`63`	`"github.com/coder/wgtunnel/tunnelsdk"`
`64`	`64`
`65`		`-"github.com/coder/coder/v2/coderd/entitlements"`
`66`		`-"github.com/coder/coder/v2/coderd/notifications/reports"`
`67`		`-"github.com/coder/coder/v2/coderd/runtimeconfig"`
`68`		`-"github.com/coder/coder/v2/coderd/webpush"`
`69`		`-"github.com/coder/coder/v2/codersdk/drpcsdk"`
`70`		`-`
`71`	`65`	`"github.com/coder/coder/v2/buildinfo"`
`72`	`66`	`"github.com/coder/coder/v2/cli/clilog"`
`73`	`67`	`"github.com/coder/coder/v2/cli/cliui"`
`@@ -83,25 +77,31 @@ import (`
`83`	`77`	`"github.com/coder/coder/v2/coderd/database/migrations"`
`84`	`78`	`"github.com/coder/coder/v2/coderd/database/pubsub"`
`85`	`79`	`"github.com/coder/coder/v2/coderd/devtunnel"`
	`80`	`+"github.com/coder/coder/v2/coderd/entitlements"`
`86`	`81`	`"github.com/coder/coder/v2/coderd/externalauth"`
`87`	`82`	`"github.com/coder/coder/v2/coderd/gitsshkey"`
`88`	`83`	`"github.com/coder/coder/v2/coderd/httpmw"`
`89`	`84`	`"github.com/coder/coder/v2/coderd/jobreaper"`
`90`	`85`	`"github.com/coder/coder/v2/coderd/notifications"`
	`86`	`+"github.com/coder/coder/v2/coderd/notifications/reports"`
`91`	`87`	`"github.com/coder/coder/v2/coderd/oauthpki"`
`92`	`88`	`"github.com/coder/coder/v2/coderd/prometheusmetrics"`
`93`	`89`	`"github.com/coder/coder/v2/coderd/prometheusmetrics/insights"`
`94`	`90`	`"github.com/coder/coder/v2/coderd/promoauth"`
	`91`	`+"github.com/coder/coder/v2/coderd/provisionerdserver"`
	`92`	`+"github.com/coder/coder/v2/coderd/runtimeconfig"`
`95`	`93`	`"github.com/coder/coder/v2/coderd/schedule"`
`96`	`94`	`"github.com/coder/coder/v2/coderd/telemetry"`
`97`	`95`	`"github.com/coder/coder/v2/coderd/tracing"`
`98`	`96`	`"github.com/coder/coder/v2/coderd/updatecheck"`
`99`	`97`	`"github.com/coder/coder/v2/coderd/util/ptr"`
`100`	`98`	`"github.com/coder/coder/v2/coderd/util/slice"`
`101`	`99`	`stringutil"github.com/coder/coder/v2/coderd/util/strings"`
	`100`	`+"github.com/coder/coder/v2/coderd/webpush"`
`102`	`101`	`"github.com/coder/coder/v2/coderd/workspaceapps/appurl"`
`103`	`102`	`"github.com/coder/coder/v2/coderd/workspacestats"`
`104`	`103`	`"github.com/coder/coder/v2/codersdk"`
	`104`	`+"github.com/coder/coder/v2/codersdk/drpcsdk"`
`105`	`105`	`"github.com/coder/coder/v2/cryptorand"`
`106`	`106`	`"github.com/coder/coder/v2/provisioner/echo"`
`107`	`107`	`"github.com/coder/coder/v2/provisioner/terraform"`
`@@ -280,6 +280,12 @@ func enablePrometheus(`
`280`	`280`	`}`
`281`	`281`	`}`
`282`	`282`
	`283`	`+provisionerdserverMetrics:=provisionerdserver.NewMetrics(logger)`
	`284`	`+iferr:=provisionerdserverMetrics.Register(options.PrometheusRegistry);err!=nil {`
	`285`	`+returnnil,xerrors.Errorf("failed to register provisionerd_server metrics: %w",err)`
	`286`	`+}`
	`287`	`+options.ProvisionerdServerMetrics=provisionerdserverMetrics`
	`288`	`+`
`283`	`289`	`//nolint:revive`
`284`	`290`	`returnServeHandler(`
`285`	`291`	`ctx,logger,promhttp.InstrumentMetricHandler(`

`‎coderd/aitasks.go‎`

Lines changed: 0 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@ import (`
`11`	`11`
`12`	`12`	`"github.com/go-chi/chi/v5"`
`13`	`13`	`"github.com/google/uuid"`
`14`		`-"golang.org/x/xerrors"`
`15`	`14`
`16`	`15`	`"cdr.dev/slog"`
`17`	`16`
`@@ -196,13 +195,6 @@ func (api API) tasksCreate(rw http.ResponseWriter, r http.Request) {`
`196`	`195`	`// prompts and mapping status/state. This method enforces that only AI task`
`197`	`196`	`// workspaces are given.`
`198`	`197`	`func (api*API)tasksFromWorkspaces(ctx context.Context,apiWorkspaces []codersdk.Workspace) ([]codersdk.Task,error) {`
`199`		`-// Enforce that only AI task workspaces are given.`
`200`		`-for_,ws:=rangeapiWorkspaces {`
`201`		`-ifws.LatestBuild.HasAITask==nil\|\|!*ws.LatestBuild.HasAITask {`
`202`		`-returnnil,xerrors.Errorf("workspace %s is not an AI task workspace",ws.ID)`
`203`		`-}`
`204`		`-}`
`205`		`-`
`206`	`198`	`// Fetch prompts for each workspace build and map by build ID.`
`207`	`199`	`buildIDs:=make([]uuid.UUID,0,len(apiWorkspaces))`
`208`	`200`	`for_,ws:=rangeapiWorkspaces {`

`‎coderd/apikey.go‎`

Lines changed: 33 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,8 @@ import (`
`12`	`12`	`"github.com/moby/moby/pkg/namesgenerator"`
`13`	`13`	`"golang.org/x/xerrors"`
`14`	`14`
	`15`	`+"cdr.dev/slog"`
	`16`	`+`
`15`	`17`	`"github.com/coder/coder/v2/coderd/apikey"`
`16`	`18`	`"github.com/coder/coder/v2/coderd/audit"`
`17`	`19`	`"github.com/coder/coder/v2/coderd/database"`
`@@ -56,6 +58,14 @@ func (api API) postToken(rw http.ResponseWriter, r http.Request) {`
`56`	`58`	`return`
`57`	`59`	`}`
`58`	`60`
	`61`	`+// TODO(Cian): System users technically just have the 'member' role`
	`62`	`+// and we don't want to disallow all members from creating API keys.`
	`63`	`+ifuser.IsSystem {`
	`64`	`+api.Logger.Warn(ctx,"disallowed creating api key for system user",slog.F("user_id",user.ID))`
	`65`	`+httpapi.Forbidden(rw)`
	`66`	`+return`
	`67`	`+}`
	`68`	`+`
`59`	`69`	`scope:=database.APIKeyScopeAll`
`60`	`70`	`ifscope!="" {`
`61`	`71`	`scope=database.APIKeyScope(createToken.Scope)`
`@@ -121,10 +131,29 @@ func (api API) postToken(rw http.ResponseWriter, r http.Request) {`
`121`	`131`	`// @Success 201 {object} codersdk.GenerateAPIKeyResponse`
`122`	`132`	`// @Router /users/{user}/keys [post]`
`123`	`133`	`func (apiAPI)postAPIKey(rw http.ResponseWriter,rhttp.Request) {`
`124`		`-ctx:=r.Context()`
`125`		`-user:=httpmw.UserParam(r)`
	`134`	`+var (`
	`135`	`+ctx=r.Context()`
	`136`	`+user=httpmw.UserParam(r)`
	`137`	`+auditor=api.Auditor.Load()`
	`138`	`+aReq,commitAudit=audit.InitRequest[database.APIKey](rw,&audit.RequestParams{`
	`139`	`+Audit:*auditor,`
	`140`	`+Log:api.Logger,`
	`141`	`+Request:r,`
	`142`	`+Action:database.AuditActionCreate,`
	`143`	`+})`
	`144`	`+)`
	`145`	`+aReq.Old= database.APIKey{}`
	`146`	`+defercommitAudit()`
`126`	`147`
`127`		`-cookie,_,err:=api.createAPIKey(ctx, apikey.CreateParams{`
	`148`	`+// TODO(Cian): System users technically just have the 'member' role`
	`149`	`+// and we don't want to disallow all members from creating API keys.`
	`150`	`+ifuser.IsSystem {`
	`151`	`+api.Logger.Warn(ctx,"disallowed creating api key for system user",slog.F("user_id",user.ID))`
	`152`	`+httpapi.Forbidden(rw)`
	`153`	`+return`
	`154`	`+}`
	`155`	`+`
	`156`	`+cookie,key,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`128`	`157`	`UserID:user.ID,`
`129`	`158`	`DefaultLifetime:api.DeploymentValues.Sessions.DefaultTokenDuration.Value(),`
`130`	`159`	`LoginType:database.LoginTypePassword,`
`@@ -138,6 +167,7 @@ func (api API) postAPIKey(rw http.ResponseWriter, r http.Request) {`
`138`	`167`	`return`
`139`	`168`	`}`
`140`	`169`
	`170`	`+aReq.New=*key`
`141`	`171`	`// We intentionally do not set the cookie on the response here.`
`142`	`172`	`// Setting the cookie will couple the browser session to the API`
`143`	`173`	`// key we return here, meaning logging out of the website would`

`‎coderd/apikey_test.go‎`

Lines changed: 54 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package coderd_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+"encoding/json"`
`5`	`6`	`"net/http"`
`6`	`7`	`"strings"`
`7`	`8`	`"testing"`
`@@ -13,8 +14,10 @@ import (`
`13`	`14`	`"github.com/coder/coder/v2/coderd/audit"`
`14`	`15`	`"github.com/coder/coder/v2/coderd/coderdtest"`
`15`	`16`	`"github.com/coder/coder/v2/coderd/database"`
	`17`	`+"github.com/coder/coder/v2/coderd/database/dbgen"`
`16`	`18`	`"github.com/coder/coder/v2/coderd/database/dbtestutil"`
`17`	`19`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
	`20`	`+"github.com/coder/coder/v2/coderd/httpapi"`
`18`	`21`	`"github.com/coder/coder/v2/codersdk"`
`19`	`22`	`"github.com/coder/coder/v2/testutil"`
`20`	`23`	`"github.com/coder/serpent"`
`@@ -301,14 +304,32 @@ func TestSessionExpiry(t *testing.T) {`
`301`	`304`
`302`	`305`	`funcTestAPIKey_OK(t*testing.T) {`
`303`	`306`	`t.Parallel()`
	`307`	`+`
	`308`	`+// Given: a deployment with auditing enabled`
`304`	`309`	`ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
`305`	`310`	`defercancel()`
`306`		`-client:=coderdtest.New(t,&coderdtest.Options{IncludeProvisionerDaemon:true})`
`307`		`-_=coderdtest.CreateFirstUser(t,client)`
	`311`	`+auditor:=audit.NewMock()`
	`312`	`+client:=coderdtest.New(t,&coderdtest.Options{Auditor:auditor})`
	`313`	`+owner:=coderdtest.CreateFirstUser(t,client)`
	`314`	`+auditor.ResetLogs()`
`308`	`315`
	`316`	`+// When: an API key is created`
`309`	`317`	`res,err:=client.CreateAPIKey(ctx,codersdk.Me)`
`310`	`318`	`require.NoError(t,err)`
`311`	`319`	`require.Greater(t,len(res.Key),2)`
	`320`	`+`
	`321`	`+// Then: an audit log is generated`
	`322`	`+als:=auditor.AuditLogs()`
	`323`	`+require.Len(t,als,1)`
	`324`	`+al:=als[0]`
	`325`	`+assert.Equal(t,owner.UserID,al.UserID)`
	`326`	`+assert.Equal(t,database.AuditActionCreate,al.Action)`
	`327`	`+assert.Equal(t,database.ResourceTypeApiKey,al.ResourceType)`
	`328`	`+`
	`329`	`+// Then: the diff MUST NOT contain the generated key.`
	`330`	`+raw,err:=json.Marshal(al)`
	`331`	`+require.NoError(t,err)`
	`332`	`+require.NotContains(t,res.Key,string(raw))`
`312`	`333`	`}`
`313`	`334`
`314`	`335`	`funcTestAPIKey_Deleted(t*testing.T) {`
`@@ -351,3 +372,34 @@ func TestAPIKey_SetDefault(t *testing.T) {`
`351`	`372`	`require.NoError(t,err)`
`352`	`373`	`require.EqualValues(t,dc.Sessions.DefaultTokenDuration.Value().Seconds(),apiKey1.LifetimeSeconds)`
`353`	`374`	`}`
	`375`	`+`
	`376`	`+funcTestAPIKey_PrebuildsNotAllowed(t*testing.T) {`
	`377`	`+t.Parallel()`
	`378`	`+`
	`379`	`+db,pubsub:=dbtestutil.NewDB(t)`
	`380`	`+dc:=coderdtest.DeploymentValues(t)`
	`381`	`+dc.Sessions.DefaultTokenDuration=serpent.Duration(time.Hour*12)`
	`382`	`+client:=coderdtest.New(t,&coderdtest.Options{`
	`383`	`+Database:db,`
	`384`	`+Pubsub:pubsub,`
	`385`	`+DeploymentValues:dc,`
	`386`	`+})`
	`387`	`+`
	`388`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`389`	`+`
	`390`	`+// Given: an existing api token for the prebuilds user`
	`391`	`+_,prebuildsToken:=dbgen.APIKey(t,db, database.APIKey{`
	`392`	`+UserID:database.PrebuildsSystemUserID,`
	`393`	`+})`
	`394`	`+client.SetSessionToken(prebuildsToken)`
	`395`	`+`
	`396`	`+// When: the prebuilds user tries to create an API key`
	`397`	`+_,err:=client.CreateAPIKey(ctx,database.PrebuildsSystemUserID.String())`
	`398`	`+// Then: denied.`
	`399`	`+require.ErrorContains(t,err,httpapi.ResourceForbiddenResponse.Message)`
	`400`	`+`
	`401`	`+// When: the prebuilds user tries to create a token`
	`402`	`+_,err=client.CreateToken(ctx,database.PrebuildsSystemUserID.String(), codersdk.CreateTokenRequest{})`
	`403`	`+// Then: also denied.`
	`404`	`+require.ErrorContains(t,err,httpapi.ResourceForbiddenResponse.Message)`
	`405`	`+}`

`‎coderd/coderd.go‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,8 @@ type Options struct {`
`241`	`241`	`UpdateAgentMetricsfunc(ctx context.Context,labels prometheusmetrics.AgentMetricLabels,metrics []*agentproto.Stats_Metric)`
`242`	`242`	`StatsBatcher workspacestats.Batcher`
`243`	`243`
	`244`	`+ProvisionerdServerMetrics*provisionerdserver.Metrics`
	`245`	`+`
`244`	`246`	`// WorkspaceAppAuditSessionTimeout allows changing the timeout for audit`
`245`	`247`	`// sessions. Raising or lowering this value will directly affect the write`
`246`	`248`	`// load of the audit log table. This is used for testing. Default 1 hour.`
`@@ -1930,6 +1932,7 @@ func (api *API) CreateInMemoryTaggedProvisionerDaemon(dialCtx context.Context, n`
`1930`	`1932`	`},`
`1931`	`1933`	`api.NotificationsEnqueuer,`
`1932`	`1934`	`&api.PrebuildsReconciler,`
	`1935`	`+api.ProvisionerdServerMetrics,`
`1933`	`1936`	`)`
`1934`	`1937`	`iferr!=nil {`
`1935`	`1938`	`returnnil,err`

`‎coderd/coderdtest/coderdtest.go‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -184,6 +184,8 @@ type Options struct {`
`184`	`184`	`OIDCConvertKeyCache cryptokeys.SigningKeycache`
`185`	`185`	`Clock quartz.Clock`
`186`	`186`	`TelemetryReporter telemetry.Reporter`
	`187`	`+`
	`188`	`+ProvisionerdServerMetrics*provisionerdserver.Metrics`
`187`	`189`	`}`
`188`	`190`
`189`	`191`	`// New constructs a codersdk client connected to an in-memory API instance.`
`@@ -604,6 +606,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can`
`604`	`606`	`Clock:options.Clock,`
`605`	`607`	`AppEncryptionKeyCache:options.APIKeyEncryptionCache,`
`606`	`608`	`OIDCConvertKeyCache:options.OIDCConvertKeyCache,`
	`609`	`+ProvisionerdServerMetrics:options.ProvisionerdServerMetrics,`
`607`	`610`	`}`
`608`	`611`	`}`
`609`	`612`

`‎coderd/database/dbauthz/dbauthz.go‎`

Lines changed: 29 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1777,6 +1777,13 @@ func (q *querier) EnqueueNotificationMessage(ctx context.Context, arg database.E`
`1777`	`1777`	`returnq.db.EnqueueNotificationMessage(ctx,arg)`
`1778`	`1778`	`}`
`1779`	`1779`
	`1780`	`+func (q*querier)ExpirePrebuildsAPIKeys(ctx context.Context,now time.Time)error {`
	`1781`	`+iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceApiKey);err!=nil {`
	`1782`	`+returnerr`
	`1783`	`+}`
	`1784`	`+returnq.db.ExpirePrebuildsAPIKeys(ctx,now)`
	`1785`	`+}`
	`1786`	`+`
`1780`	`1787`	`func (q*querier)FavoriteWorkspace(ctx context.Context,id uuid.UUID)error {`
`1781`	`1788`	`fetch:=func(ctx context.Context,id uuid.UUID) (database.Workspace,error) {`
`1782`	`1789`	`returnq.db.GetWorkspaceByID(ctx,id)`
`@@ -2242,14 +2249,6 @@ func (q *querier) GetLogoURL(ctx context.Context) (string, error) {`
`2242`	`2249`	`returnq.db.GetLogoURL(ctx)`
`2243`	`2250`	`}`
`2244`	`2251`
`2245`		`-func (q*querier)GetManagedAgentCount(ctx context.Context,arg database.GetManagedAgentCountParams) (int64,error) {`
`2246`		`-// Must be able to read all workspaces to check usage.`
`2247`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceWorkspace);err!=nil {`
`2248`		`-return0,xerrors.Errorf("authorize read all workspaces: %w",err)`
`2249`		`-}`
`2250`		`-returnq.db.GetManagedAgentCount(ctx,arg)`
`2251`		`-}`
`2252`		`-`
`2253`	`2252`	`func (q*querier)GetNotificationMessagesByStatus(ctx context.Context,arg database.GetNotificationMessagesByStatusParams) ([]database.NotificationMessage,error) {`
`2254`	`2253`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceNotificationMessage);err!=nil {`
`2255`	`2254`	`returnnil,err`
`@@ -2689,6 +2688,13 @@ func (q *querier) GetQuotaConsumedForUser(ctx context.Context, params database.G`
`2689`	`2688`	`returnq.db.GetQuotaConsumedForUser(ctx,params)`
`2690`	`2689`	`}`
`2691`	`2690`
	`2691`	`+func (q*querier)GetRegularWorkspaceCreateMetrics(ctx context.Context) ([]database.GetRegularWorkspaceCreateMetricsRow,error) {`
	`2692`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceWorkspace.All());err!=nil {`
	`2693`	`+returnnil,err`
	`2694`	`+}`
	`2695`	`+returnq.db.GetRegularWorkspaceCreateMetrics(ctx)`
	`2696`	`+}`
	`2697`	`+`
`2692`	`2698`	`func (q*querier)GetReplicaByID(ctx context.Context,id uuid.UUID) (database.Replica,error) {`
`2693`	`2699`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
`2694`	`2700`	`return database.Replica{},err`
`@@ -3041,6 +3047,13 @@ func (q *querier) GetTemplatesWithFilter(ctx context.Context, arg database.GetTe`
`3041`	`3047`	`returnq.db.GetAuthorizedTemplates(ctx,arg,prep)`
`3042`	`3048`	`}`
`3043`	`3049`
	`3050`	`+func (q*querier)GetTotalUsageDCManagedAgentsV1(ctx context.Context,arg database.GetTotalUsageDCManagedAgentsV1Params) (int64,error) {`
	`3051`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceUsageEvent);err!=nil {`
	`3052`	`+return0,err`
	`3053`	`+}`
	`3054`	`+returnq.db.GetTotalUsageDCManagedAgentsV1(ctx,arg)`
	`3055`	`+}`
	`3056`	`+`
`3044`	`3057`	`func (q*querier)GetUnexpiredLicenses(ctx context.Context) ([]database.License,error) {`
`3045`	`3058`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceLicense);err!=nil {`
`3046`	`3059`	`returnnil,err`
`@@ -3711,6 +3724,14 @@ func (q *querier) GetWorkspacesEligibleForTransition(ctx context.Context, now ti`
`3711`	`3724`	`}`
`3712`	`3725`
`3713`	`3726`	`func (q*querier)InsertAPIKey(ctx context.Context,arg database.InsertAPIKeyParams) (database.APIKey,error) {`
	`3727`	`+// TODO(Cian): ideally this would be encoded in the policy, but system users are just members and we`
	`3728`	`+// don't currently have a capability to conditionally deny creating resources by owner ID in a role.`
	`3729`	`+// We also need to enrich rbac.Actor with IsSystem so that we can distinguish all system users.`
	`3730`	`+// For now, there is only one system user (prebuilds).`
	`3731`	`+ifact,ok:=ActorFromContext(ctx);ok&&act.ID==database.PrebuildsSystemUserID.String() {`
	`3732`	`+return database.APIKey{},logNotAuthorizedError(ctx,q.log,NotAuthorizedError{Err:xerrors.Errorf("prebuild user may not create api keys")})`
	`3733`	`+}`
	`3734`	`+`
`3714`	`3735`	`returninsert(q.log,q.auth,`
`3715`	`3736`	`rbac.ResourceApiKey.WithOwner(arg.UserID.String()),`
`3716`	`3737`	`q.db.InsertAPIKey)(ctx,arg)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0a73f84

File tree

51 files changed

Some content is hidden

51 files changed

`‎.github/dependabot.yaml‎`

`‎cli/server.go‎`

`‎coderd/aitasks.go‎`

`‎coderd/apikey.go‎`

`‎coderd/apikey_test.go‎`

`‎coderd/coderd.go‎`

`‎coderd/coderdtest/coderdtest.go‎`

`‎coderd/database/dbauthz/dbauthz.go‎`

0 commit comments